The FBI has seized the RAMP cybercrime forum, and its Tor and clearnet domains now display an FBI seizure notice, with name servers switched to ns1.fbi.seized.gov and ns2.fbi.seized.gov. The action gives law enforcement access to user data that could identify operators and affiliates. Alleged RAMP founder Mikhail Matveev (aka Orange), previously linked to Babuk, LockBit, and Hive operations, has acknowledged the seizure.
Key points
- FBI seized the RAMP forum and replaced its Tor and clearnet sites with a seizure notice.
- Domain name servers were switched to ns1.fbi.seized.gov and ns2.fbi.seized.gov, indicating FBI control.
- The seizure likely gives investigators access to emails, IP addresses, private messages, and other user data.
- RAMP launched in 2021 as one of the few forums openly promoting ransomware, used by gangs to recruit and trade access.
- RAMP's founder, known as Orange and identified as Mikhail Matveev, has been linked to Babuk and indicted by the DOJ.